baner

Thứ Tư, 18 tháng 12, 2013

Bài Lab 17.1 Triển Khai Hệ Thống OPENVPN

09:06:00  Unknown  Chưa có nhận xét nào

Downloading and Installing OpenVPN

  1. Download the installer from here and run it on the server computer.(copy từ máy giáo viên tập tin openvpn-2.2.2-install.exe)
  1. Install OpenVPN on each client. (This step can be skipped for now and done at any convenient time)

Certificates and Keys

Preparatory Steps

  1. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:
    1. Press Windows Key + R
    2. Type "cmd.exe" and press Enter. 
      cmd.exe
    3. Navigate to the correct folder: 
      cd "C:\Program Files\OpenVPN\easy-rsa"
  1. Initialize the OpenVPN configuration: 
    init-config
    • NOTE: Only run init-config once, during installation.
  1. Open the vars.bat file in a text editor: 
    notepad vars.bat
  1. Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information: 
    set KEY_COUNTRY=US
    set KEY_PROVINCE=CA
    set KEY_CITY=SanFrancisco
    set KEY_ORG=OpenVPN
    set KEY_EMAIL=mail@host.domain
  1. Save the file and exit notepad.
  1. Run the following commands: 
    vars
    clean-all

Building Certificates and Keys

  1. The certificate authority (CA) certificate and key: 
    build-ca
    • When prompted, enter your country, etc. These will have default values, which appear in brackets. For your "Common Name," a good choice is to pick a name to identify your company's Certificate Authority. For example, "OpenVPN-CA": 
      Country Name (2 letter code) [US]:
      State or Province Name (full name) [CA]:
      Locality Name (eg, city) [SanFrancisco]:
      Organization Name (eg, company) [OpenVPN]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
      Email Address [mail@host.domain]:
  1. The server certificate and key: 
    build-key-server server
    • When prompted, enter the "Common Name" as "server"
    • When prompted to sign the certificate, enter "y"
    • When prompted to commit, enter "y"
  1. Client certificates and keys:
  1. For each client, choose a name to identify that computer, such as "vinh-laptop" in this example. 
    build-key vinh-laptop
    • When prompted, enter the "Common Name" as the name you have chosen (e.g. "vinh-laptop")
  2. Repeat this step for each client computer that will connect to the VPN.
  1. Generate Diffie Hellman parameters (This is necessary to set up the encryption) 
    build-dh

Configuration Files

  1. Find the sample configuration files: 
    Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files

Server Config File

  1. Open server.ovpn
  1. Find the following lines: 
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
  1. Edit them as follows: (lưu ý trên hệ thống 64 bit là Program Files (x86) )
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files\\OpenVPN\\config\\server.key"
    dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
  1. Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn

Client Config Files

This is similar to the server configuration
  1. Open client.ovpn
  1. Find the following lines: 
    ca ca.crt
    cert client.crt
    key client.key
  1. Edit them as follows: 
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\vinh-laptop.crt"
    key "C:\\Program Files\\OpenVPN\\config\\vinh-laptop.key"
    • Notice that the name of the client certificate and key files depends upon the Common Name of each client.
  1. Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. If you need help, see Static Internet IP below. 
    remote my-server-1 1194
  1. Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.)

Copying the Server and Client Files to Their Appropriate Directories

  1. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server: 
    ca.crt
    dh1024.pem
    server.crt
    server.key
    server.ovpn
  1. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example): 
    ca.crt
    mike-laptop.crt
    mike-laptop.key
    mike-laptop.ovpn

Starting OpenVPN

  1. On both client and server, run OpenVPN from: 
    Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI
  1. Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.

Trong:

0 nhận xét:

Đăng nhận xét